Symantec Drive Encryption and Symantec Endpoint Encryption clients allows a system to be fully encrypted using regular passphrase users, or Single Sign-On users (SSO).
The recommended strategy when using Single Sign-On with Windows Logon banners, is to educate the user, to enter the passphrase at preboot authentication screen, and wait until the logon banner appears, then click “OK” to login to the Windows profile. If the user must walk away from the system, it is recommended the user first “Lock” the Windows User Profile (using the Windows Key + L) so that unauthorized persons will not gain access to the Windows Profile while they are away. Another method to lock the screen is to press CTRL+ALT+DEL and then click the option “Lock Computer/Lock this computer”.
http://www.symantec.com/docs/HOWTO42010
For Symantec Endpoint Encryption 11 clients, it is important to educate the end users to click OK to the logon banner, and then lock the screen before walking away as there is no method to disable this functionality.